I'm running SER and Asterisk both on the same machine and i'm
encountering some strangeness in regards to certain UAC's attempts at
ACK'ing a successfull session to the Asterisk VM server as well as the BYE.
Its kind of an ugly problem, a little history first:
Section 12.1.2 of RFC3261 states:
--
The route set MUST be set to the list of URIs in the Record-Route
header field from the response, taken in reverse order and preserving
all URI parameters. If no Record-Route header field is present in
the response, the route set MUST be set to the empty set. This route
set, even if empty, overrides any pre-existing route set for future
requests in this dialog. The remote target MUST be set to the URI
from the Contact header field of the response.
--
Which I interprit as: The RURI of the ACK MUST be equal to the Contact:
in the "200 OK" and a "Route:" field(s) must be added which contains all
the information inside the "Record-Route" header (if present) of the
"200 OK" message.
I actually have one device that does just this, and it works perfectly.
I have two other devices, 1 Cisco 7960 and 1 generic korean UAC that do
NOT do this.
They respond to the "200 OK" with an "ACK" that contains an RURI with
the data that was in the "Record-Route" header of the "200 OK" and a
"Route:" header with the data that was in the "Contact:" of the "200 OK".
Now, the problem:
When the "ACK" hits SER, SER forwards the message to itself (loops)
untill the "Max-Forwards" reaches zero.
The Asterisk server never gets the "ACK" and so resends the "200 OK"
several times which creates another storm of loopback traffic once the
UAC responds with another ACK.
An Observation:
When i move the asterisk server to another machine, the "ACK" is
forwarded properly and the session is established sucessfully , however
when the BYE messages gets to SER it is looped just like the ACK message
was when Asterisk was running on the local machine.
I don't want to post configs or traces just yet as i'm still digging
into it.
I'm just curious if anyone out there with a SIP brain (read RFC3261
knowledgable) could tell me if the above exchange is indeed compliant.
For reference i'm running Voice Software 7.3 on the Cisco 7960
I hope this problem peaks someones interest because i could really use
some help =P
Hi, ALL:
I know the radvision has a series stress test tools for sip proxy.
Does anyone tell me another simple stress test tools for this purpose?
I just want to generate many UAs and register to sip proxy, then make
calls (include voice test) to each other.
--
Best Regards
Charles
I've been posting about this for some time now,I have never been able to
figure out the problem. Do you use external proccesses or anything?
That's the only "weird" thing we really do with SER, everything else is
pretty straight forward.
Search back from my posts and see what you think.
-----Original Message-----
From: Ricardo Martinez [mailto:rmartinez@redvoiss.net]
Sent: Thursday, April 14, 2005 11:16 AM
To: 'serusers(a)lists.iptel.org'
Subject: [Serusers] SER hung - Log Information?
Hello list.
I had been experimenting some weird behavior in my SER program.
A couple of times my SER seems to be hung. For example the first time,
all the REGISTER messages reaching the server were not challenged, even
worst the server don't respond anything. The second time it happened
with the INVITE messages. The weird thing is that the SER process were
still running. I don't know what could cause this problem, but my
question is : Is there a way to log information about the "internal
system process" to have a clue about what is happening?. I would really
appreciate any help. Thanks
Ricardo Martinez.-
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Thanks Bogdan,
I checked the readme and discovered modparam("cpl-c", "cpl_dtd_file",
"/tmp/ser-0.9.0/modules/cpl-c/cpl-06.dtd") worked for me. My ser.cfg
is identical to the one on the ONSIP site. I was wondering if I could
confirm something?...Should the cpl prcoessing be dealt with in the
route[X] sections or before??
i.e. eg:Currently I have:
if (uri==myself){
if (method=="INVITE"){
route(3);
break;
} else if (method == "REGISTER"){
route(2);
break;
};
.....
Would it be appropriate to change this to??:
if (uri==myself){
if (method=="INVITE"){
if (!t_newtran()){
break;
}
if (!cpl_run_script("incoming")){
t_reply("500", "CPL execution failed");
}
route(3);
break;
} else if (method == "REGISTER"){
cpl_process_register();
route(2);
break;
};
.....
Or should it be dealt with in the route[X] sections?...Also is there
example ser.cfg cpl script information or guidelines anywhere that
you know of?? I'd appreciate any information.
Kindest regards,
Aisling.
>
>---- Original Message ----
>From: bogdan(a)voice-system.ro
>To: ashling.odriscoll(a)cit.ie
>Subject: Re: [Serusers] cpl_init: mandatory parameter
>Date: Tue, 12 Apr 2005 18:43:48 +0200
>
>>cpl_dtd_file is the complete path (including filename)of the DTD
>file -
>>you can find this file in cpl-c module directory - for info about
>module
>>param, take a look into module README.
>>
>>bogdan
>>
>>Aisling O'Driscoll wrote:
>>
>>>That worked Bogdon,Thank you, I also added:
>>>modparam ("cpl-c", "cpl_table", "cpl")
>>>
>>>Now it requires the cpl_dtd_file - However I am not sure what path
>>>here: i.e.
>>>modparam("cpl-c", "cpl_dtd_file", "whatpath?")
>>>
>>>Is there a usual directory where this can be found?
>>>
>>>Regards,
>>>Aisling
>>>
>>>
>>>
>>>>---- Original Message ----
>>>>From: bogdan(a)voice-system.ro
>>>>To: vivcurran(a)yahoo.co.uk
>>>>Subject: Re: [Serusers] cpl_init: mandatory parameter "DB_URL"
>found
>>>>empty
>>>>Date: Tue, 12 Apr 2005 18:05:02 +0200
>>>>
>>>>
>>>>
>>>>>sorry, in cpl-c the parameter is called "cpl_db" - I will change
>the
>>>>>
>>>>>
>>>>>error message to state the proper parameter name. (db_url ->
>cpl_db)
>>>>>
>>>>>bogdan
>>>>>
>>>>>
>>>>>Vivienne Curran wrote:
>>>>>
>>>>>
>>>>>
>>>>>>Bogdan,
>>>>>>
>>>>>>I set
>>>>>>modparam("cpl-c","db_url","mysql://root:password@localhost/ser")
>,
>>>>>>however when i tried to restart SER I got:
>>>>>>
>>>>>>set_mod_param_regex: parameter <db_url> not found in module
>>>>>>
>>>>>>
>>>><cpl-c>
>>>>
>>>>
>>>>>>parse error (87,20-21): Can't set module parameter
>>>>>>
>>>>>>I tried db_url in upper case also. An I incoorect in thinking
>that
>>>>>>
>>>>>>
>>>>the
>>>>
>>>>
>>>>>>module should load without this anyway?
>>>>>>
>>>>>>Regards,
>>>>>>Aisling.
>>>>>>
>>>>>>*/Bogdan-Andrei Iancu <bogdan(a)voice-system.ro>/* wrote:
>>>>>>
>>>>>> you have to set the db_url parameter pointing to a DB
>>>>>>
>>>>>>
>>>>connection -
>>>>
>>>>
>>>>>> default is NULL. For example:
>>>>>> modparam("cpl-c","db_url","mysql://ser:heslo@localhost/ser")
>>>>>>
>>>>>> bogdan
>>>>>>
>>>>>> Aisling O'Driscoll wrote:
>>>>>>
>>>>>> >Hello,
>>>>>> >
>>>>>> >I am using ser 0.9.0. When I try to load the cpl module
>e.g.
>>>>>> >loadmodule "/opt/ser/lib/ser/modules/cpl-c.so", and restart
>>>>>>
>>>>>>
>>>>ser, I
>>>>
>>>>
>>>>>> >get the following error:
>>>>>> >
>>>>>> >ERROR:cpl_init: mandatory parameter "DB_URL" found empty
>>>>>> >init_mod(): Error while initializing module cpl-c
>>>>>> >
>>>>>> >When I check in /opt/ser/lib/ser/modules, the cpl-c module
>si
>>>>>>
>>>>>>
>>>>there.
>>>>
>>>>
>>>>>> >Does anyone have any clue how this can be resolved?
>>>>>> >
>>>>>> >Thank you,
>>>>>> >Aisling.
>>>>>>
>>>>>>
>>>
>>>
>>
>>
>>-------------------Legal
>Disclaimer---------------------------------------
>>
>>The above electronic mail transmission is confidential and intended
>only for the person to whom it is addressed. Its contents may be
>protected by legal and/or professional privilege. Should it be
>received by you in error please contact the sender at the above
>quoted email address. Any unauthorised form of reproduction of this
>message is strictly prohibited. The Institute does not guarantee the
>security of any information electronically transmitted and is not
>liable if the information contained in this communication is not a
>proper and complete record of the message as transmitted by the
>sender nor for any delay in its receipt.
>>
>>
-------------------Legal Disclaimer---------------------------------------
The above electronic mail transmission is confidential and intended only for the person to whom it is addressed. Its contents may be protected by legal and/or professional privilege. Should it be received by you in error please contact the sender at the above quoted email address. Any unauthorised form of reproduction of this message is strictly prohibited. The Institute does not guarantee the security of any information electronically transmitted and is not liable if the information contained in this communication is not a proper and complete record of the message as transmitted by the sender nor for any delay in its receipt.
Hi all
Please i wanna write into radius log IP of my gw psnt to get more
control , it's possible ? i have using Freeradius-1.02 and SER 0.8.14 .
thks for all
Best Regards
Hello list.
I had been experimenting some weird behavior in my SER program. A
couple of times my SER seems to be hung. For example the first time, all
the REGISTER messages reaching the server were not challenged, even worst
the server don't respond anything. The second time it happened with the
INVITE messages. The weird thing is that the SER process were still
running.
I don't know what could cause this problem, but my question is : Is there a
way to log information about the "internal system process" to have a clue
about what is happening?.
I would really appreciate any help.
Thanks
Ricardo Martinez.-
Alex hi thanks for the fast reply.
I tried to use other client and it's seems to work, very strange, if i
am changing in my client to use other server i can see the
authentication process in the radius logs, but when i swap ip to my
server i can't see anything in the radius logs.
BTW the other ip phone working great.
thanks for help.
On 4/14/05, Alex <alexandergav(a)gmail.com> wrote:
> Alex hi thanks for the fast reply.
>
> I tried to use other client and it's seems to work, very strange, if i
> am changing in my client to use other server i can see the
> authentication process in the radius logs, but when i swap ip to my
> server i can't see anything in the radius logs.
>
> BTW the other ip phone working great.
>
> thanks for help.
>
>
> On 4/14/05, Alex Mack <amack(a)fhm.edu> wrote:
> > Hi!
> >
> > SER is sending a nonce in its 401 reply. This is the challenge from the
> > SER to the UA.
> > The UA now has to calculate a reply implying his password and the given
> > nonce. The answer has to be added in an Authorization-Header inside the
> > next REGISTER.
> >
> > The message flow (without RADIUS messages) would look like:
> >
> > UA SER
> > | |
> > | REGISTER w/o Auth |
> > |-------------------->|
> > | |
> > | 401 Unauthorized (with nonce)
> > |<--------------------|
> > | |
> > | ACK |
> > |-------------------->|
> > | |
> > | REGISTER with Auth (calculated from nonce)
> > |-------------------->|
> > | |
> > | 200 OK |
> > |<--------------------|
> > | |
> >
> > The second register has to have an "Authorization" header, otherwise
> > your client is misconfigured or misbehaving. Test it with another
> > client, e.g. X-Lite (www.xten.com)
> >
> > Alex Mack
> >
> > Alex schrieb:
> >
> > >So Daniel like i understand the problem is my radius configuration,
> > >another thing is that my ATA sending the same stuff, i mean if i will
> > >change the sip server to different one where i installed freeradius
> > >with ser it's working fine.
> > >
> > >Daniel where i can start to fix that problem.?
> > >
> > >Thank you very much for your time.
> > >
> > >On 4/14/05, Alex <alexandergav(a)gmail.com> wrote:
> > >
> > >
> > >>So Daniel like i understand the problem is my radius configuration,
> > >>another thing is that my ATA sending the same stuff, i mean if i will
> > >>change the sip server to different one where i installed freeradius
> > >>with ser it's working fine.
> > >>
> > >>Daniel where i can start to fix that problem.?
> > >>
> > >>Thank you very much for your time.
> > >>
> > >>
> > >>On 4/14/05, Daniel-Constantin Mierla <daniel(a)voice-system.ro> wrote:
> > >>
> > >>
> > >>>The second REGISTER (the block 3) must contains the response to the
> > >>>authentication challenge carried by 401 reply (block 2). That means that
> > >>>the block 3 must contain an Authorization header with authentication
> > >>>credentials computed according to HTTP-Digest authentication mechanism
> > >>>(RFC2617). Also, see the section 22.Usage of HTTP Authentication in SIP
> > >>>RFC3261 for more about user authentication in SIP.
> > >>>
> > >>>Daniel
> > >>>
> > >>>On 04/14/05 13:16, Alex wrote:
> > >>>
> > >>>
> > >>>
> > >>>>Sorry Daniel , i didn't get that, I send here 4 blocks, 1 one is the
> > >>>>register request the 2 is the reply from the server, 3 is the register
> > >>>>request, 4 is the reply from the server. If you can please point me to
> > >>>>the problem. Because like i see the 2 register requests (1,3 blocks)
> > >>>>are the same.
> > >>>>
> > >>>>
> > >>>>On 4/14/05, Daniel-Constantin Mierla <daniel(a)voice-system.ro> wrote:
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>>As you can see, the second REGISTER does not contain the authentication
> > >>>>>credentials (No Authorization header) in response to 401 reply. So,
> > >>>>>either you didn't configure the phone to authenticate or the Grandstream
> > >>>>>HT286 1.0.5.18 is faulty.
> > >>>>>
> > >>>>>Daniel
> > >>>>>
> > >>>>>
> > >>>>>On 04/14/05 12:35, Alex wrote:
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>>Daniel thanks
> > >>>>>>btw it's clean installation of Red Hat Enterprise Linux AS release 3
> > >>>>>>ser-08.14 , freeradius-1.2 , radiusclient-4.8
> > >>>>>>
> > >>>>>>i am sending ngrep port 5060
> > >>>>>>i have here 2 requests of register and the replies to register.
> > >>>>>>
> > >>>>>>
> > >>>>>>xxx.xxx.xxx.xxx - sipserverip
> > >>>>>>telephoneip - ip where the call coming from
> > >>>>>>Phonenumber - phone number
> > >>>>>>
> > >>>>>>--------------------------------------------------------------------------------------------------
> > >>>>>>
> > >>>>>>U telephoneip:10739 -> xxx.xxx.xxx.xxx:5060
> > >>>>>>REGISTER sip:xxx.xxx.xxx.xxx SIP/2.0..Via: SIP/2.0/UDP
> > >>>>>>telephoneip:10000;branch=z9hG4bK98514c3b052d7df6..From: "Test Alex" <
> > >>>>>>sip:Phonenumber@xxx.xxx.xxx.xxx;user=phone>;tag=50673f1baca1958c..To:
> > >>>>>><sip:Phonenumber@xxx.xxx.xxx.xxx;user=phone>..Contact: <sip
> > >>>>>>:Phonenumber@telephoneip:10000;user=phone>..Call-ID:
> > >>>>>>1cff1b8955b8fa5c@10.0.0.4..CSeq: 106 REGISTER..Expires:
> > >>>>>>3600..User-Agent
> > >>>>>>: Grandstream HT286 1.0.5.18..Max-Forwards: 70..Allow:
> > >>>>>>INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE..Content-Lengt
> > >>>>>>h: 0....
> > >>>>>>#
> > >>>>>>U xxx.xxx.xxx.xxx:5060 -> telephoneip:10000
> > >>>>>>SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
> > >>>>>>telephoneip:10000;branch=z9hG4bK98514c3b052d7df6..From: "Test Alex"
> > >>>>>><sip:Phonenumber@xxx.xxx.xxx.xxx;user=phone>;tag=50673f1baca1958c..To:
> > >>>>>><sip:Phonenumber@xxx.xxx.xxx.xxx;user=phone>;tag=b27e1a1d33761e85846fc9
> > >>>>>>8f5f3a7e58.f894..Call-ID: 1cff1b8955b8fa5c@10.0.0.4..CSeq: 106
> > >>>>>>REGISTER..WWW-Authenticate: Digest realm="xxx.xxx.xxx.xxx", nonc
> > >>>>>>e="425e3ac34dc9509392435c11fb260f41420049c7"..Server: Sip EXpress
> > >>>>>>router (0.8.14 (i386/linux))..Content-Length: 0..Warning: 392
> > >>>>>> xxx.xxx.xxx.xxx:5060 "Noisy feedback tells: pid=1912
> > >>>>>>req_src_ip=telephoneip req_src_port=10739 in_uri=sip:xxx.xxx.xxx.xxx
> > >>>>>>out_uri=sip:xxx.xxx.xxx.xxx via_cnt==1"....
> > >>>>>>#
> > >>>>>>
> > >>>>>>U telephoneip:10740 -> xxx.xxx.xxx.xxx:5060
> > >>>>>>REGISTER sip:xxx.xxx.xxx.xxx SIP/2.0..Via: SIP/2.0/UDP
> > >>>>>>telephoneip:10000;branch=z9hG4bK98514c3b052d7df6..From: "Test Alex" <
> > >>>>>>sip:Phonenumber@xxx.xxx.xxx.xxx;user=phone>;tag=50673f1baca1958c..To:
> > >>>>>><sip:Phonenumber@xxx.xxx.xxx.xxx;user=phone>..Contact: <sip
> > >>>>>>:Phonenumber@telephoneip:10000;user=phone>..Call-ID:
> > >>>>>>1cff1b8955b8fa5c@10.0.0.4..CSeq: 106 REGISTER..Expires:
> > >>>>>>3600..User-Agent
> > >>>>>>: Grandstream HT286 1.0.5.18..Max-Forwards: 70..Allow:
> > >>>>>>INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE..Content-Lengt
> > >>>>>>h: 0....
> > >>>>>>#
> > >>>>>>U xxx.xxx.xxx.xxx:5060 -> telephoneip:10000
> > >>>>>>SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
> > >>>>>>telephoneip:10000;branch=z9hG4bK98514c3b052d7df6..From: "Test Alex"
> > >>>>>><sip:Phonenumber@xxx.xxx.xxx.xxx;user=phone>;tag=50673f1baca1958c..To:
> > >>>>>><sip:Phonenumber@xxx.xxx.xxx.xxx;user=phone>;tag=b27e1a1d33761e85846fc9
> > >>>>>>8f5f3a7e58.f894..Call-ID: 1cff1b8955b8fa5c@10.0.0.4..CSeq: 106
> > >>>>>>REGISTER..WWW-Authenticate: Digest realm="xxx.xxx.xxx.xxx", nonc
> > >>>>>>e="425e3acb812b5b2e8aa023e3fcffc618dc4cf661"..Server: Sip EXpress
> > >>>>>>router (0.8.14 (i386/linux))..Content-Length: 0..Warning: 392
> > >>>>>> xxx.xxx.xxx.xxx:5060 "Noisy feedback tells: pid=1885
> > >>>>>>req_src_ip=telephoneip req_src_port=10740 in_uri=sip:xxx.xxx.xxx.xxx
> > >>>>>>out_uri=sip:xxx.xxx.xxx.xxx via_cnt==1"....
> > >>>>>>#
> > >>>>>>
> > >>>>>>
> > >>>>>>tell me if you need something else.
> > >>>>>>
> > >>>>>>
> > >>>>>>On 4/14/05, Daniel-Constantin Mierla <daniel(a)voice-system.ro> wrote:
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>>Could you post the network dump with REGISTER/401/REGISTER messages? I
> > >>>>>>>will take a look to see if something is wrong.
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>On 04/14/05 12:16, Alex wrote:
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>>Digest realm is the same for the register requests.
> > >>>>>>>>furthermore the realm in To tag is correct.
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>Did you mean To URI instead of To tag?
> > >>>>>>>
> > >>>>>>>Daniel
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>>what else it can be.
> > >>>>>>>>Thanks for any help.
> > >>>>>>>>
> > >>>>>>>>On 4/14/05, Daniel-Constantin Mierla <daniel(a)voice-system.ro> wrote:
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>>Watch the network traffic (ngrep or ethereal on port 5060) and check the
> > >>>>>>>>>realm from 401 is the same as the one from next REGISTER. Also, when
> > >>>>>>>>>you use the empty realm parameter to radius_ww_authorize() and
> > >>>>>>>>>www_challenge(), the realm is taken from To URI.
> > >>>>>>>>>
> > >>>>>>>>>Daniel
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>On 04/14/05 08:08, Alex wrote:
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>>Hi guys maybe someone can find the problem, i still can't see anything
> > >>>>>>>>>>going to radius authentication. (the radius logs are empty)
> > >>>>>>>>>>
> > >>>>>>>>>>the register request is coming but it's not going to authenticate
> > >>>>>>>>>>through the radius.
> > >>>>>>>>>>Any help will be appreciated.
> > >>>>>>>>>>
> > >>>>>>>>>>here is the debug from ser :
> > >>>>>>>>>>---------------------------------------------------------------------------------------------
> > >>>>>>>>>>14(1036) parse_headers: flags=-1
> > >>>>>>>>>>14(1036) check_via_address(62.219.158.191, 62.219.158.191, 1)
> > >>>>>>>>>>14(1036) DEBUG:destroy_avp_list: destroing list (nil)
> > >>>>>>>>>>14(1036) receive_msg: cleaning up
> > >>>>>>>>>>9(1012) SIP Request:
> > >>>>>>>>>>9(1012) method: <REGISTER>
> > >>>>>>>>>>9(1012) uri: <sip:xxx.xxx.xxx.xxx>
> > >>>>>>>>>>9(1012) version: <SIP/2.0>
> > >>>>>>>>>>9(1012) parse_headers: flags=1
> > >>>>>>>>>>9(1012) Found param type 232, <branch> = <z9hG4bKfc5751413c832e6d>; state=16
> > >>>>>>>>>>9(1012) end of header reached, state=5
> > >>>>>>>>>>9(1012) parse_headers: Via found, flags=1
> > >>>>>>>>>>9(1012) parse_headers: this is the first via
> > >>>>>>>>>>9(1012) After parse_msg...
> > >>>>>>>>>>9(1012) preparing to run routing scripts...
> > >>>>>>>>>>9(1012) REGISTER: Authenticating user
> > >>>>>>>>>>9(1012) parse_headers: flags=4
> > >>>>>>>>>>9(1012) end of header reached, state=9
> > >>>>>>>>>>9(1012) DEBUG: get_hdr_field: <To> [45];
> > >>>>>>>>>>uri=[sip:phonenumber@xxx.xxx.xxx.xxx;user=phone]
> > >>>>>>>>>>9(1012) DEBUG: to body [<sip:phonenumber@xxx.xxx.xxx.xxx;user=phone>
> > >>>>>>>>>>]
> > >>>>>>>>>>
> > >>>>>>>>>>9(1012) parse_headers: flags=4096
> > >>>>>>>>>>9(1012) get_hdr_field: cseq <CSeq>: <103> <REGISTER>
> > >>>>>>>>>>9(1012) DEBUG: get_hdr_body : content_length=0
> > >>>>>>>>>>9(1012) found end of header
> > >>>>>>>>>>9(1012) pre_auth(): Credentials with given realm not found
> > >>>>>>>>>>9(1012) REGISTER: challenging user
> > >>>>>>>>>>9(1012) build_auth_hf(): 'WWW-Authenticate: Digest
> > >>>>>>>>>>realm="xxx.xxx.xxx.xxx",
> > >>>>>>>>>>nonce="425e063022afc1142ed6730d46da41692ff3ed57"
> > >>>>>>>>>>
> > >>>>>>>>>>_______________________________________________
> > >>>>>>>>>>Serusers mailing list
> > >>>>>>>>>>serusers(a)lists.iptel.org
> > >>>>>>>>>>http://lists.iptel.org/mailman/listinfo/serusers
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>
> > >>>>
> > >>>>
> > >
> > >_______________________________________________
> > >Serusers mailing list
> > >serusers(a)lists.iptel.org
> > >http://lists.iptel.org/mailman/listinfo/serusers
> > >
> > >
> > >
> > >
> >
> >
>
Why not use a heartbeat setup with a shared IP address? You could replicate
registration data on the unique ip addresses on each server using SER's
replication, and use a shared IP address to talk to the end points (which
also eliminates problems with symmetric nats as they're always talking to
the same IP address).
It would be a simple matter to use SIPsak to monitor the SIP responsiveness,
and shell script/perl script to monitor the actual processes on each server.
If anything went south, you could initiate failover of the shared ip
address.
Seems like it'd be a lot less expensive than an F5 setup.
Just a thought..
- Darren
On 4/13/05 6:00 AM, "serusers-request(a)lists.iptel.org"
<serusers-request(a)lists.iptel.org> wrote:
> Message: 5
> Date: Wed, 13 Apr 2005 06:55:00 +0200
> From: "Greger V. Teigre" <greger(a)teigre.com>
> Subject: Re: [Serusers] Load Balancing via UltraMonkey/ldirectord
> To: "Matt Schulte" <mschulte(a)netlogic.net>, <serusers(a)lists.iptel.org>
> Message-ID: <009c01c53fe4$f33e31c0$6400a8c0@MrMaster>
> Content-Type: text/plain; format=flowed; charset="iso-8859-1";
> reply-type=original
>
> So, you found the budget? Or was the pain just big enough...
> Let's see what we can do. It will take some time, I assume, so meanwhile...
> g-)
> Matt Schulte wrote:
>> Heheh, we may actually test one of those F5network switches...i f we
>> don't come up with a fairly painless, bugfree, and most importantly
>> supportable solution. :-) I cannot code therefore I would be useless,
>> but I can safely say learning C is on my to-do list. We may however be
>> willing to contribute to a bounty, at the very least I'd be more than
>> happy to test :D
>>
>> Matt
>>
>> -----Original Message-----
>> From: Greger V. Teigre [mailto:greger@teigre.com]
>> Sent: Tuesday, April 12, 2005 5:29 AM
>> To: Matt Schulte; serusers(a)lists.iptel.org
>> Subject: Re: [Serusers] Load Balancing via UltraMonkey/ldirectord
>>
>>
>> :-) Yes, layer 7 switch is of course nice. But then again, you need to
>> make
>> sure that you can price your services where people will buy them...
>>
>> I wonder whether it is possible to gather some people interested in
>> this and
>> get something started on the development side. AFAIK, LVS struggles
>> with
>>
>> other UDP services too, so a ipvs UDP content analyzer would probably
>> be of
>> interest. I looked at the source code and I think the most difficult
>> thing
>> would be to extend the ipvs framework to allow a module to peak into
>> the
>>
>> packet (and not only the header). I don't know what kind of
>> performance penalties you get either.
>>
>> I have seen several people being willing to sponsor development. We
>> could
>> hire somebody at http://www.rentacoder.com/ ;-)
>> g-)
>>
>> Matt Schulte wrote:
>>> Yah I noticed the other post after I posted mine, I don't see how it
>>> would easily be possible to address the sticky issue. It would
>>> require
>>
>>> making a SIP aware proxy of sorts, which is a bit out of my
>>> abilities.
>>
>>> Has anyone been able to address this issue? Of course a layer7 switch
>>> would do wonders and eliminate the need for all this, but who has
>>> that
>>
>>> money laying around :D
>>>
>>> I've done a little research (google) and noticed people mentioning it
>>> when talking about LVS, one guy said he was going to write a module
>>> but posted nothing more. That would be pretty slick.
>>>
>>> Matt
>>>
>>> -----Original Message-----
>>> From: Greger V. Teigre [mailto:greger@teigre.com]
>>> Sent: Monday, April 11, 2005 3:04 AM
>>> To: Matt Schulte; serusers(a)lists.iptel.org
>>> Subject: Re: [Serusers] Load Balancing via UltraMonkey/ldirectord
>>>
>>>
>>> If you see another thread (using the rather intuitive subject: Re:
>>> [Serusers] more usrloc synchronization), you will see discussions on
>>> using LVS in general. AFAIK, which high availability solution to use
>>> for LVS, is
>>> more based on your personal preferences, UltraMonkey is probably a
>>> safe choice. Anyway, you will need to address the "stickiness"
>>> issue. g-)
>>>
>>> Matt Schulte wrote:
>>>> Has anyone attempted to load balance SER using
>>>> Ultramonkey/ldirectord?
>>>
>>>> I've noticed all it does is pretty much NAT and send requests
>>>> accordingly, the trick I guess would be the NAT part. If the SIP
>>>> headers = myself, would there really be any issues? One problem I
>>>> can
>>
>>>> foresee is the possibility that loose routing would hit the wrong
>>>> server. Just wanted to ask around before I wasted time trying it out
>>>> for myself :-) Thanks
>>>>
>>>> Matt
>>>>
>>>> _______________________________________________
>>>> Serusers mailing list
>>>> serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
As well as I am.
"Greger V. Teigre" <greger(a)teigre.com> wrote:> The only bright point I can offer here is that I'm 100% certain that
> the LVS source code has __not__ been modified.
Which really makes me annoyed, because I cannot right now see any other obvious path (i.e. simpler).
g-)
>
> Sorry,
> Paul
>
>
> On Apr 11, 2005 4:46 AM, Greger V. Teigre <greger(a)teigre.com> wrote:
> After my last email, I looked at ktcpvs and realized I ignored a
> couple of things: ktcpvs only supports tcp (http is obviously
> tcp-based, but I thought it supported udp for other protocols). I
> don't know how much work implementing udp would be.
> Here is a discussion of SIP and LVS that I found useful (though
> not encouraging).
> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.services_that_dont_w…
>
> Paul: I'm starting to get really curious on the standard LVS
> components used for your stickiness! I'm not aware (also after
> searching now) of an LVS balancing mechanism that allows correct
> stickness on SIP udp...!
> And I found other too who are looking for it:
> http://archive.linuxvirtualserver.org/html/lvs-users/2005-02/msg00251.html
>
> My understanding is that ipvs must be extended (according to the
> developer) with a call-id based scheduler and that this work has
> several people willing to fund development, but that this has not(?)
> started yet. The problem is that ipvs is based on ip header analysis
> and extending the hashing algorithms to also include payload-based
> analysis is not straight-forward.
> g-)
---------------------------------
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site!
Warning: fopen("/tmp/ser_fifo", "w") - Permission denied in
/var/www/html/serweb/functions.php
Regards
Paul Dracevich
Wireless Technology Consultant
Wayby Group
Mobile +64 29 638 9675
Phone +64 9 623 2143
Fax +64 9 623 1380
email paul(a)vnet.cc
website www.vnet.cc
<file:///C:\Documents%20and%20Settings\paul\Application%20Data\Microsoft
\Signatures\www.vnet.cc>
"the freedom to communicate is the right of every individual in the 21st
century" "Intellectual Property protection is the key to the Knowledge
Economy" This email was sent to you via YOUtopia ... it's all about YOU.
The information contained in this email and any attachments is
confidential and may be legally privileged. If you are not the intended
recipient then you must not use, disseminate, distribute or copy any
information contained in this email or any attachments. If you have
received this email in error, please contact us immediately and delete
this email. Thank you.
